To allow any attribute to be modified, such as for an administrator account, the policy
decision point (PDP) does not need to check the impactedAttributes
attribute.
To create a policy that allows an administrator to modify any attributes, complete the following step.
Create a policy, and then add a rule with the Effect set
to Permit the decision based on the
Condition that the user is an administrator.
To check the user, for example, you can set up a condition to compare whether
HttpRequest.AccessToken.scope equals
administrator.